[CentOS] SELinux - way of the future or good idea but !!!

Mon Nov 29 03:37:29 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 11/28/10 5:29 PM, Marko Vojinovic wrote:
>
> I wouldn't know the typical ratio itself as a number, but I can tell you it is
> surely less than one. I had three identical systems compromised at the same
> time (one of the users had a weak password, and he used the same password on
> all three machines... you wouldn't believe...). Two systems had SELinux
> disabled, the third one had it enabled. For the first two, intruder managed to
> escalate to root and I had a busy weekend reinstalling those machines from
> scratch afterwards. For the third one, the intruder never managed to escalate
> to root, and this was clearly visible in SELinux and other system logs. I
> simply purged that user account and had everything working in no time.

But that means you were running software with vulnerabilities or a user would 
not be able to become root anyway.  Is that due to not being up to date (i.e. 
would normal, non-SELinux measures have been enough), or was this before a fix 
was available?

-- 
   Les Mikesell
    lesmikesell at gmail.com